diff --git a/Cargo.lock b/Cargo.lock index 91d40b5..09b31ad 100644 --- a/Cargo.lock +++ b/Cargo.lock @@ -258,6 +258,12 @@ version = "0.13.1" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "9e1b586273c5702936fe7b7d6896644d8be71e6314cfe09d3167c95f712589e8" +[[package]] +name = "base64" +version = "0.21.0" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "a4a4ddaa51a5bc52a6948f74c06d20aaaddb71924eab79b8c97a8c556e942d6a" + [[package]] name = "bitflags" version = "1.3.2" @@ -1297,6 +1303,7 @@ dependencies = [ "md5", "nom 4.2.3", "regex", + "rustls-pemfile", "separator", "serde", "serde_derive", @@ -1678,11 +1685,11 @@ dependencies = [ [[package]] name = "rustls-pemfile" -version = "1.0.1" +version = "1.0.2" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "0864aeff53f8c05aa08d86e5ef839d3dfcf07aeba2db32f12db0ef716e87bd55" +checksum = "d194b56d58803a43635bdc398cd17e383d6f71f9182b9a192c127ca42494a59b" dependencies = [ - "base64 0.13.1", + "base64 0.21.0", ] [[package]] diff --git a/ofborg/Cargo.toml b/ofborg/Cargo.toml index 49fb829..9029188 100644 --- a/ofborg/Cargo.toml +++ b/ofborg/Cargo.toml @@ -32,3 +32,4 @@ tempfile = "3.3.0" tracing = "0.1.37" tracing-subscriber = { version = "0.3.16", features = ["json", "env-filter"] } uuid = { version = "1.2", features = ["v4"] } +rustls-pemfile = "1.0.2" diff --git a/ofborg/src/config.rs b/ofborg/src/config.rs index 9e97dce..c095cfe 100644 --- a/ofborg/src/config.rs +++ b/ofborg/src/config.rs @@ -4,7 +4,7 @@ use crate::nix::Nix; use std::collections::HashMap; use std::fmt; use std::fs::File; -use std::io::Read; +use std::io::{BufReader, Read}; use std::marker::PhantomData; use std::path::{Path, PathBuf}; @@ -183,8 +183,15 @@ impl GithubAppVendingMachine { } fn jwt(&self) -> JWTCredentials { - let key = std::fs::read(self.conf.private_key.clone()).expect("Unable to read private_key"); - JWTCredentials::new(self.conf.app_id, key).expect("Unable to create JWTCredentials") + let private_key_file = + File::open(self.conf.private_key.clone()).expect("Unable to read private_key"); + let mut private_key_reader = BufReader::new(private_key_file); + let private_keys = rustls_pemfile::rsa_private_keys(&mut private_key_reader) + .expect("Unable to convert private_key to DER format"); + // We can be reasonably certain that there will only be one private key in this file + let private_key = &private_keys[0]; + JWTCredentials::new(self.conf.app_id, private_key.to_vec()) + .expect("Unable to create JWTCredentials") } fn install_id_for_repo(&mut self, owner: &str, repo: &str) -> Option {